UPDATE: RSA Responds to Flaw Finding

RSA, the company, has responded to a report released on Valentines Day claiming a big problem with RSA, the encryption algorithm. Researchers claimed to have found a much larger than expected number of duplicate encryption keys in a large trove of them, indicating that an awful lot of stuff is not secure.

RSA's short answer is a little like the difference between RSA the company and RSA the encryption algorithm. RSA, the encryption algorithm, is quite sound, thank-you-very-much. The implementation of that algorithm, on the other hand, leaves something to be desired.

In an email, RSA (the company again; algorithms aren't very good at writing long emails) blames "the exploding number of embedded devices that are connected to the internet today" in which the algorithm is poorly implemented. In particular, the company homes in on not-random-enough number generation. (Check out an excellent article by a pair of Intel engineers for a good explanation of why random numbers are important and how to derive them from the workings of a computer processor.)

On February 14, 2012, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm. Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the internet today.

We welcome this form of research into security technologies in general, as it contributes to better overall security for everyone. The RSA algorithm has withstood such scrutiny for decades from multiple sources. But good cryptography, including RSA’s, depends on proper implementation. True random number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care to protect against the weakening of well-designed cryptography.

Our analysis of the data points to the need for better care in implementation, generally tied to embedded devices. We see no fundamental flaw in the algorithm itself, and urge all cryptography users to ensure good implementation and best practices are followed.

For more detailed analysis of the report by an independent party, please visit this blog written by Dan Kaminsky.

Comments

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.